{"vuid":"VU#962459","idnumber":"962459","name":"TCP implementations vulnerable to Denial of Service","keywords":[""],"overview":"The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets.","clean_desc":"CWE-400:Uncontrolled Resource Consumption('Resource Exhaustion')- CVE-2018-5390 Linux kernel versions 4.9+can be forced to make very expensive calls to tcp_collapse_ofo_queue()and tcp_prune_ofo_queue()for every incoming packet which can lead to a denial of service. CWE-400:Uncontrolled Resource Consumption('Resource Exhaustion')- CVE-2018-6922 A TCP data structure in supported versions of FreeBSD(11,11.1,11.2,10,and 10.4)use an inefficient algorithm to reassemble the data. For both vulnerabilities,an attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus,the attacks cannot be performed using spoofed IP addresses.","impact":"An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.","resolution":"Apply a patch\nPatches for the Linux kernel are available to address the vulnerability. Patches for FreeBSD are available to address the vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to Juha-Matti Tilli(Aalto University,Department of Communications and Networking/Nokia Bell Labs)for reporting these vulnerabilities.","author":"This document was written by Trent Novelly.","public":["https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e","https://www.spinics.net/lists/netdev/msg514742.html","https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc"],"cveids":["CVE-2018-5390","CVE-2018-6922"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2018-07-10T13:59:22Z","publicdate":"2018-07-23T00:00:00Z","datefirstpublished":"2018-08-06T17:11:53Z","dateupdated":"2018-09-14T19:29:12Z","revision":31,"vrda_d1_directreport":"1","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.1","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","cvss_temporalscore":"6.4","cvss_environmentalscore":"6.411660192","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}